- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
diff --git a/kexgex.c b/kexgex.c
index b60ab5c..c2e6bc1 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgex.c,v 1.28 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -36,10 +36,12 @@
#include "cipher.h"
#include "kex.h"
#include "ssh2.h"
+#include "digest.h"
+#include "log.h"
void
kexgex_hash(
- const EVP_MD *evp_md,
+ int hash_alg,
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
@@ -52,8 +54,7 @@
u_char **hash, u_int *hashlen)
{
Buffer b;
- static u_char digest[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
@@ -84,15 +85,14 @@
#ifdef DEBUG_KEXDH
buffer_dump(&b);
#endif
-
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
buffer_free(&b);
- *hash = digest;
- *hashlen = EVP_MD_size(evp_md);
-#ifdef DEBUG_KEXDH
- dump_digest("hash", digest, *hashlen);
+
+#ifdef DEBUG_KEX
+ dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
#endif
+ *hash = digest;
+ *hashlen = ssh_digest_bytes(hash_alg);
}